1. Field of the Invention
The present invention relates to an information processing apparatus, control method thereof, storage medium, and image processing apparatus.
2. Description of the Related Art
An image processing apparatus such as an existing copying machine and MFP (Multi Function Peripheral) can access an external server using an account used at a login timing to a device. In order to implement such single sign-on, Japanese Patent Laid-Open No. 2011-258000 has proposed a mechanism which allows applications to share user credentials. For example, user credentials acquired when the user logs into a device are cached and shared, thus avoiding from prompting the user to input an account and password again at an access timing to an external server. Thus, the user need not input the same account and password on many occasions.
Japanese Patent Laid-Open No. 8-263417 has proposed a network provider which attempts to access resources of an independent network using data at the login timing to a local computer, so as to implement single sign-on.
However, the aforementioned related arts suffer the following problems. For example, office environments in corporations include an environment suitable for use of a single sign-on function used to access an external server using an account used at a login timing to a device, an unsuitable environment, or a mixed environment. If the single sign-on function is valid in the environment unsuitable for use of the single sign-on function, a problem of low security is posed. In the system of the related art, the mixed environment including the environment suitable for use of the single sign-on function and that unsuitable for use of that function is not taken into consideration, and flexible use settings of the single sign-on function cannot be made in consideration of an office environment in a corporation. The environment suitable for use of the single sign-on function includes an environment in which an IT administrator in the corporation uniformly manages access accounts of computers and devices. In such environment, office staff can access every node on the network using the same account. The environment unsuitable for use of the single sign-on function includes an environment in which an IT administrator in the corporation does not uniformly manage access accounts of nodes. The mixed environment of the environment suitable for use of the single sign-on function and unsuitable environment includes an environment in which nodes and networks, access accounts of which are uniformly managed by an IT administrator and those, access accounts of which are not uniformly managed, are mixed. For example, in an environment in which both domain accounts and local accounts are available as access accounts to nodes, the IT administrator manages the domain accounts, but he or she does not manage the local accounts. Such case also corresponds to the mixed environment.
Authentication protocols which can limit a security domain and use user credentials and protocols which cannot limit the security domain and use user credentials are available. When the user attempts single sign-on to another node from a device using the authentication protocol that cannot limit the security domain in the environment unsuitable for use of the single sign-on function, the following problem is posed. For example, the device accesses the node without judging whether or not an access account of the access destination node is uniformly managed, and illicitly accesses that node if the same authentication data as that of a device login timing which is stored in the access destination node by accident. In the environment that is unsuitable for use for the single sign-on function, the single sign-on function is uniformly inhibited from being used so as to solve that problem. However, in a mixed environment of the environment that is suitable for use of the single sign-on function and unsuitable environment, the problem cannot be solved by the aforementioned method.